IPSwitch IMail server web client versions 12.3 and 12.4 before 12.4.1.15 suffer from a persistent cross site scripting vulnerability.
e9708dde34587f7954f8bbd7dc8a189e6644a211a4b0f6306d1057b08bd834d8FreeBSD Security Advisory - Due to an overlooked merge to -STABLE branches, the size for page fault kernel trace entries was set incorrectly. A user who can enable kernel process tracing could end up reading the contents of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password.
003649f925e12510c88e6cb5a41c1ae0e254a9bab779cb2c50b388f051a929e6FreeBSD Security Advisory - The OpenPAM library searches for policy definitions in several locations. While doing so, the absence of a policy file is a soft failure (handled by searching in the next location) while the presence of an invalid file is a hard failure (handled by returning an error to the caller). The policy parser returns the same error code (ENOENT) when a syntactically valid policy references a non-existent module as when the requested policy file does not exist. The search loop regards this as a soft failure and looks for the next similarly-named policy, without discarding the partially-loaded configuration. A similar issue can arise if a policy contains an include directive that refers to a non-existent policy.
c172f1629a0148dc04e340253e113146894af7408276fd65c6e6c6e3a50f19a6FreeBSD Security Advisory - There is a programming error in sendmail(8) that prevented open file descriptors have close-on-exec properly set. Consequently a subprocess will be able to access all open files that the parent process have open.
67eb06001085eef65797c58907ed0ff05690cedefd665a08e48f7f8b9ea16bf4setuid and setgid programs can escalate privileges via insecure RPATH use in IBM DB2 systems.
40679a4e85d6d23356386f0877e57636c158e282cb759a60f37f439933615e4ePHP version 5.5.13 and Lynis version 1.5.4 use /tmp insecurely.
e8fd9a05110d214b1f51e304a9c367e55a2709149d4453dfa7eef7d72082bdfbGoAgent performs improper TLS validation and install a root CA certificate with a known private key.
a42aee19935e8c20d21fdb23e247e16af40644fb70df89c65537de10511e22beBSI Advance Hotel Booking System version 2.0 suffers from a persistent cross site scripting vulnerability.
a63aae44e22e7b8503f7f8ed7f9a72ebf26200a47052caf46142200a81ea59f6UltraVintage suffers from cross site scripting and remote SQL injection vulnerabilities.
e27b919bab1f7594cbf897ddfd0c517cff37e620db2aa020e7c0afff7b66445b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed